IMFO Audit & Risk Indaba June 2012

Presentation transcript:

IMFO Audit & Risk Indaba, 28-29 June 2012
Complementary role of CAE and CRO in the provision of combined assurance
Nathi Mhlongo, eThekwini Municipality

Discussion topics
- King III on combined assurance
- Where is it risky? Are we focusing where it matters? (Source: PwC statistical information)
- Critical areas of convergence for CAE and CRO
- Requirements for effective cooperation between CAE and CRO
- Benefits of combined assurance

King III
3.5 The Audit Committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance services.
[Diagram labels: Management; External assurance providers; Internal assurance providers; Combined assurance]

Combined assurance model
[Diagram labels: Council and Key Committees; OVERSIGHT; Audit and Risk Committee; Municipal Manager and Key Committees; Risk Management Committee; MANAGEMENT; GOVERNANCE; First Line of Defence; Second Line of Defence; Third Line of Defence; ASSURANCE; Chief Risk Office; Ethics and Compliance; Ombudsperson; Legal; Internal and External Auditors; Management of Operations]

Is there convergence between IA and ERM?
[Diagram labels: Internal Audit; Risk Management]

Chief Risk Officer
1. Provide overall leadership, vision and direction for ERM
2. Establish an integrated framework for all risks in the organization
3. Develop risk management policies, including quantification of management's risk appetite
4. Implement a set of risk indicators and reports, including incidents and losses
5. Communicate the organization's risk profile to stakeholders
6. Develop analytical, systems and data management capabilities to support the risk management program

Chief Audit Executive
1. Evaluate the ERM methodologies and processes to ensure they are working as intended
2. Review and provide assurance that the risks of the organization are being systematically identified, evaluated and appropriately managed
3. Monitor and evaluate the adequacy and effectiveness of the risk mitigation responses designed by management
4. Report to the Audit Committee on the effectiveness of the ERM process, procedures and internal controls

King III on risk management and combined assurance
The board should ensure that frameworks and methodologies are implemented to increase the probability of anticipating unpredictable risks.

King III on IA and combined assurance
The board should receive assurance regarding the effectiveness of the risk management process.

Can CAE and CRO collaborate?
- What does ERM mean?
- How do both functions fit into the equation?
- How can internal audit assist and yet independently evaluate risk management activities?

ERM Definitions
RIMS: ERM is a strategic business discipline that supports achievement of an organization's objectives by addressing the full spectrum of its risks and managing a combined impact of those risks as an interrelated risk portfolio.
The IIA: ERM is a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of objectives.
Source: The IIA and RIMS

Common areas of convergence
- ISO 31000:2009
- IIA International Professional Practice Framework
- COSO ERM framework
- Open Compliance and Ethics Group's Red Book
- RIMS and IIA 2012 joint report

eThekwini Municipality - EXCO ERM

Managing risk makes sense...

Risks that are generally not perceived as well managed
[Chart: How well is risk being managed?]
Source: PwC 2012 State of the IA Profession Study, June 2012

Stakeholders value internal audit's contribution... and want more
[Chart: Which risks are receiving too little attention from internal audit?]
Source: PwC State of the IA Profession Study, June 2012

Let's reflect... Can IA provide assurance...

The fact of the matter is...
- Are risks adequately covered in the risk profile?
- Is risk information simplified or excessively cluttered?
- Is risk information credible?
- Expertise of the CRO
- Stakeholder consensus on risks raised by management?
- CAE robust dialogue with CRO around ERM?
- AG participation in dialogue?
- Is ERM effective?
- Is IA specific skill available?
- Does IA have enough budget?

Results of Ineffective Risk Management
- Poor identification of risks
- Breakdown in internal control that could prevent the organization from achieving its objective
- Reactive responses to potential risks, rather than proactive
- Changing/new risks are not adequately identified, controlled and managed
- Inability to leverage on internal audit expertise, e.g. root cause analysis, impact assessment, etc.
- Inability to leverage on ERM expertise

Expectations from CAE
- Timely recommendations
- Risk impact insight
- Quality of recommendations to improve business performance

Critical area of convergence for CAE/CRO
- Root cause and impact assessments - IA
- Controls design and implementation consulting - ERM
- Action planning and real time assurance on implementation according to plan - IA/ERM
- Combined assurance
- Effective and efficient communication

An effective combined assurance framework
To ensure success, the organisation requires:
- A common risk language
- Enabling technology
- Clearly defined roles of all assurance providers
- Approved combined assurance policy to ensure commitment to cooperate
- A communication plan – encompassing ongoing communication
- Involvement from senior leadership – “tone at the top”
- Continued coordination, reporting and communication
- Provision of necessary and appropriate training

Risk Register
Columns: # | Original Risk name | Common Risk name | Background to risk | Consequence of the risk | Impact | Likelihood | Inherent risk exposure | Current controls | Perceived Control Effectiveness Description | Perceived Control Effectiveness % | Residual risk exposure | Risk Owner | Actions to improve management of the risk | Action owner | Due date
Rows: 1, 2, 3 (empty)

Acknowledgements
- King III
- PwC 2012 State of Internal Audit Study
- eThekwini Municipality ERM framework
- RIMS and IIA 2012 Joint Report

“Siyabonga kakhulu” (Thank you very much)